diff --git a/.github/workflows/bundle-release.yml b/.github/workflows/bundle-release.yml index 57dd96ce..2244ff1b 100644 --- a/.github/workflows/bundle-release.yml +++ b/.github/workflows/bundle-release.yml @@ -4,15 +4,15 @@ on: workflow_dispatch: inputs: tag: - description: 'Version Tag' + description: "Version Tag" required: true openshift: - description: 'Publish to openshift certificated' + description: "Publish to openshift certificated" required: true default: true type: boolean operatorhub: - description: 'Publish to operatorhub.io' + description: "Publish to operatorhub.io" required: true default: true type: boolean @@ -49,10 +49,10 @@ jobs: username: ${{ secrets.DOCKER_USER }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Set up GO 1.24.6 + - name: Set up GO 1.24.10 uses: actions/setup-go@v1 with: - go-version: 1.24.6 + go-version: 1.24.10 id: go - name: InstallKubebuilder @@ -144,7 +144,7 @@ jobs: git add . git commit -s -m "operator function-mesh ($VERSION)" git push --set-upstream origin $BRANCH - + wget https://raw.githubusercontent.com/streamnative/function-mesh/master/.github/openshift/community-operators -O ../.github/community-operators gh pr create --title "operator function-mesh ($VERSION)" -F ../.github/community-operators -R k8s-operatorhub/community-operators popd @@ -180,10 +180,10 @@ jobs: username: ${{ secrets.DOCKER_USER }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Set up GO 1.24.6 + - name: Set up GO 1.24.10 uses: actions/setup-go@v1 with: - go-version: 1.24.6 + go-version: 1.24.10 id: go - name: InstallKubebuilder @@ -260,9 +260,9 @@ jobs: echo $VERSION export TARGET_DIR=/tmp/artifacts export AUTHFILE=/tmp/authfile.json - mkdir $TARGET_DIR + mkdir $TARGET_DIR echo $REDHAT_CERTIFICATED_CONTAINER_AUTHFILE > $AUTHFILE - cat $AUTHFILE + cat $AUTHFILE docker run -i --rm --security-opt=label=disable --env PFLT_LOGLEVEL=trace --env PFLT_ARTIFACTS=/artifacts --env PFLT_LOGFILE=/artifacts/preflight.log --env PFLT_CERTIFICATION_PROJECT_ID=$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN --env PFLT_DOCKERCONFIG=/temp-authfile.json -v $TARGET_DIR:/artifacts -v $AUTHFILE:/temp-authfile.json:ro quay.io/opdev/preflight:stable check container quay.io/redhat-isv-containers/$CONTAINER_IMAGE_CERTIFICATION_PROJECT_ID:$VERSION --submit sleep 60s diff --git a/.github/workflows/olm-verify.yml b/.github/workflows/olm-verify.yml index e12a19f8..105b42ba 100644 --- a/.github/workflows/olm-verify.yml +++ b/.github/workflows/olm-verify.yml @@ -2,15 +2,15 @@ name: Precommit - OLM verify on: pull_request: branches: - - '*' + - "*" paths-ignore: - - 'docs/**' - - 'README.md' - - 'CHANGELOG.md' - - 'PROJECT' - - 'LICENSE' - - 'mesh-worker-service/README.md' - - 'tools/README.md' + - "docs/**" + - "README.md" + - "CHANGELOG.md" + - "PROJECT" + - "LICENSE" + - "mesh-worker-service/README.md" + - "tools/README.md" jobs: olm-verify: name: Verify OLM bundle @@ -34,10 +34,10 @@ jobs: - name: checkout uses: actions/checkout@v2 - - name: Set up GO 1.24.6 + - name: Set up GO 1.24.10 uses: actions/setup-go@v1 with: - go-version: 1.24.6 + go-version: 1.24.10 id: go - name: InstallKubebuilder @@ -69,7 +69,7 @@ jobs: CATALOG_BRANCH_TAG: latest run: | echo $VERSION - make redhat-certificated-image-build redhat-certificated-image-push redhat-certificated-bundle redhat-certificated-bundle-build redhat-certificated-bundle-push catalog-build catalog-push + make redhat-certificated-image-build redhat-certificated-image-push redhat-certificated-bundle redhat-certificated-bundle-build redhat-certificated-bundle-push catalog-build catalog-push - name: Install the Operator Lifecycle Manager run: | diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 1b5e764f..bbd5211b 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -2,15 +2,15 @@ name: Precommit - Unit Tests on: pull_request: branches: - - '*' + - "*" paths-ignore: - - 'docs/**' - - 'README.md' - - 'CHANGELOG.md' - - 'PROJECT' - - 'LICENSE' - - 'mesh-worker-service/README.md' - - 'tools/README.md' + - "docs/**" + - "README.md" + - "CHANGELOG.md" + - "PROJECT" + - "LICENSE" + - "mesh-worker-service/README.md" + - "tools/README.md" jobs: build: name: unit-tests @@ -18,7 +18,7 @@ jobs: strategy: fail-fast: false matrix: - go-version: [1.22.12, 1.24.6] + go-version: [1.22.12, 1.24.10] steps: - name: Free Disk Space (Ubuntu) uses: jlumbroso/free-disk-space@v1.3.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2e328fd8..fd136080 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,10 +37,10 @@ jobs: username: ${{ secrets.DOCKER_USER }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Set up GO 1.24.6 + - name: Set up GO 1.24.10 uses: actions/setup-go@v1 with: - go-version: 1.24.6 + go-version: 1.24.10 id: go - name: InstallKubebuilder @@ -103,4 +103,4 @@ jobs: file: install.sh asset_name: install.sh tag: ${{ github.ref }} - overwrite: true \ No newline at end of file + overwrite: true diff --git a/.github/workflows/test-helm-charts.yml b/.github/workflows/test-helm-charts.yml index c9ed41e0..05133dbd 100644 --- a/.github/workflows/test-helm-charts.yml +++ b/.github/workflows/test-helm-charts.yml @@ -21,15 +21,15 @@ name: Precommit - Helm Chart (Basic Installation) on: pull_request: branches: - - '*' + - "*" paths-ignore: - - 'docs/**' - - 'README.md' - - 'CHANGELOG.md' - - 'PROJECT' - - 'LICENSE' - - 'mesh-worker-service/README.md' - - 'tools/README.md' + - "docs/**" + - "README.md" + - "CHANGELOG.md" + - "PROJECT" + - "LICENSE" + - "mesh-worker-service/README.md" + - "tools/README.md" jobs: lint-test: runs-on: ubuntu-latest @@ -83,11 +83,11 @@ jobs: run: hack/kind-cluster-build.sh --name chart-testing -c 1 -v 10 --k8sVersion v1.23.17 if: steps.list-changed.outputs.changed == 'true' - - name: Set up GO 1.24.6 + - name: Set up GO 1.24.10 if: steps.list-changed.outputs.changed == 'true' uses: actions/setup-go@v1 with: - go-version: 1.24.6 + go-version: 1.24.10 id: go - name: setup kubebuilder 3.6.0 diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index a2c29894..9905a972 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -2,15 +2,15 @@ name: Precommit - Scan security vulnerabilities on: pull_request: branches: - - '*' + - "*" paths-ignore: - - 'docs/**' - - 'README.md' - - 'CHANGELOG.md' - - 'PROJECT' - - 'LICENSE' - - 'mesh-worker-service/README.md' - - 'tools/README.md' + - "docs/**" + - "README.md" + - "CHANGELOG.md" + - "PROJECT" + - "LICENSE" + - "mesh-worker-service/README.md" + - "tools/README.md" permissions: pull-requests: write @@ -34,10 +34,10 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} ref: ${{ github.event.pull_request.head.sha }} - - name: Set up GO 1.24.6 + - name: Set up GO 1.24.10 uses: actions/setup-go@v1 with: - go-version: 1.24.6 + go-version: 1.24.10 id: go - name: InstallKubebuilder @@ -68,9 +68,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'function-mesh-operator:latest' - format: 'table' - exit-code: '1' + image-ref: "function-mesh-operator:latest" + format: "table" + exit-code: "1" - name: Build runner images run: | @@ -80,46 +80,46 @@ jobs: id: scan-java-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-java-runner:latest' - format: 'table' - exit-code: '0' + image-ref: "pulsar-functions-java-runner:latest" + format: "table" + exit-code: "0" - name: Run Trivy vulnerability scanner for python id: scan-python-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-python-runner:latest' - format: 'table' - exit-code: '0' + image-ref: "pulsar-functions-python-runner:latest" + format: "table" + exit-code: "0" - name: Run Trivy vulnerability scanner for go id: scan-go-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-go-runner:latest' - format: 'table' - exit-code: '0' + image-ref: "pulsar-functions-go-runner:latest" + format: "table" + exit-code: "0" - name: Run Trivy vulnerability scanner for java with pulsarctl id: scan-java-pulsarctl-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-pulsarctl-java-runner:latest' - format: 'table' - exit-code: '0' + image-ref: "pulsar-functions-pulsarctl-java-runner:latest" + format: "table" + exit-code: "0" - name: Run Trivy vulnerability scanner for python with pulsarctl id: scan-python-pulsarctl-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-pulsarctl-python-runner:latest' - format: 'table' - exit-code: '0' + image-ref: "pulsar-functions-pulsarctl-python-runner:latest" + format: "table" + exit-code: "0" - name: Run Trivy vulnerability scanner for go with pulsarctl id: scan-go-pulsarctl-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-pulsarctl-go-runner:latest' - format: 'table' - exit-code: '0' \ No newline at end of file + image-ref: "pulsar-functions-pulsarctl-go-runner:latest" + format: "table" + exit-code: "0" diff --git a/.github/workflows/trivy_scheduled_master.yml b/.github/workflows/trivy_scheduled_master.yml index cd63554f..c53323a7 100644 --- a/.github/workflows/trivy_scheduled_master.yml +++ b/.github/workflows/trivy_scheduled_master.yml @@ -2,17 +2,17 @@ name: Scheduled master branch scan security vulnerabilities on: pull_request: branches: - - 'master' + - "master" paths-ignore: - - 'docs/**' - - 'README.md' - - 'CHANGELOG.md' - - 'PROJECT' - - 'LICENSE' - - 'mesh-worker-service/README.md' - - 'tools/README.md' + - "docs/**" + - "README.md" + - "CHANGELOG.md" + - "PROJECT" + - "LICENSE" + - "mesh-worker-service/README.md" + - "tools/README.md" schedule: - - cron: '0 0 * * *' + - cron: "0 0 * * *" permissions: pull-requests: write @@ -45,10 +45,10 @@ jobs: repository: ${{github.event.pull_request.head.repo.full_name}} ref: ${{ github.event.pull_request.head.sha }} - - name: Set up GO 1.24.6 + - name: Set up GO 1.24.10 uses: actions/setup-go@v1 with: - go-version: 1.24.6 + go-version: 1.24.10 id: go - name: InstallKubebuilder @@ -79,9 +79,9 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'function-mesh-operator:latest' - format: 'table' - exit-code: '1' + image-ref: "function-mesh-operator:latest" + format: "table" + exit-code: "1" - name: Build runner images run: | @@ -91,82 +91,82 @@ jobs: id: scan-java-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-java-runner:latest' - format: 'table' - exit-code: '0' + image-ref: "pulsar-functions-java-runner:latest" + format: "table" + exit-code: "0" - name: Run Trivy vulnerability scanner for python id: scan-python-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-python-runner:latest' - format: 'table' - exit-code: '0' + image-ref: "pulsar-functions-python-runner:latest" + format: "table" + exit-code: "0" - name: Run Trivy vulnerability scanner for go id: scan-go-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-go-runner:latest' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results-go.sarif' - severity: 'LOW,MEDIUM,HIGH,CRITICAL' - exit-code: '0' + image-ref: "pulsar-functions-go-runner:latest" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results-go.sarif" + severity: "LOW,MEDIUM,HIGH,CRITICAL" + exit-code: "0" - name: Run Trivy vulnerability scanner for java with pulsarctl id: scan-java-pulsarctl-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-pulsarctl-java-runner:latest' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' - severity: 'LOW,MEDIUM,HIGH,CRITICAL' - exit-code: '0' + image-ref: "pulsar-functions-pulsarctl-java-runner:latest" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + severity: "LOW,MEDIUM,HIGH,CRITICAL" + exit-code: "0" - name: Run Trivy vulnerability scanner for python with pulsarctl id: scan-python-pulsarctl-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-pulsarctl-python-runner:latest' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results-python.sarif' - severity: 'LOW,MEDIUM,HIGH,CRITICAL' - exit-code: '0' + image-ref: "pulsar-functions-pulsarctl-python-runner:latest" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results-python.sarif" + severity: "LOW,MEDIUM,HIGH,CRITICAL" + exit-code: "0" - name: Run Trivy vulnerability scanner for go with pulsarctl id: scan-go-pulsarctl-runner uses: aquasecurity/trivy-action@master with: - image-ref: 'pulsar-functions-pulsarctl-go-runner:latest' - format: 'template' - exit-code: '0' - template: '@/contrib/sarif.tpl' - output: 'trivy-results-pulsarctl.sarif' - severity: 'LOW,MEDIUM,HIGH,CRITICAL' + image-ref: "pulsar-functions-pulsarctl-go-runner:latest" + format: "template" + exit-code: "0" + template: "@/contrib/sarif.tpl" + output: "trivy-results-pulsarctl.sarif" + severity: "LOW,MEDIUM,HIGH,CRITICAL" - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results.sarif' - category: 'Default' + sarif_file: "trivy-results.sarif" + category: "Default" - name: Upload Trivy go scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results-go.sarif' - category: 'Golang' + sarif_file: "trivy-results-go.sarif" + category: "Golang" - name: Upload Trivy pulsarctl scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results-pulsarctl.sarif' - category: 'Pulsarctl' + sarif_file: "trivy-results-pulsarctl.sarif" + category: "Pulsarctl" - name: Upload Trivy python scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results-python.sarif' - category: 'Python' \ No newline at end of file + sarif_file: "trivy-results-python.sarif" + category: "Python" diff --git a/Dockerfile b/Dockerfile index 03758e78..0d702d7a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.24.6-bullseye as builder +FROM golang:1.24.10-trixie as builder WORKDIR /workspace/api COPY api/ . diff --git a/api/go.mod b/api/go.mod index 3da3ac8e..fa5b243c 100644 --- a/api/go.mod +++ b/api/go.mod @@ -1,6 +1,6 @@ module github.com/streamnative/function-mesh/api -go 1.24.6 +go 1.24.10 require ( k8s.io/api v0.30.9 diff --git a/go.mod b/go.mod index 181b0ede..3b94e74a 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/streamnative/function-mesh -go 1.24.6 +go 1.24.10 require ( github.com/apache/pulsar-client-go v0.9.1-0.20230816081803-fbee610ddcbf diff --git a/images/samples/go-function-samples/Dockerfile b/images/samples/go-function-samples/Dockerfile index 891e0973..2d378bcc 100644 --- a/images/samples/go-function-samples/Dockerfile +++ b/images/samples/go-function-samples/Dockerfile @@ -1,5 +1,5 @@ ARG PULSAR_IMAGE_TAG -FROM golang:1.24.6-bullseye as builder +FROM golang:1.24.10-trixie as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/images/samples/go-function-samples/func/go.mod b/images/samples/go-function-samples/func/go.mod index 1d6a92e8..56ffaf17 100644 --- a/images/samples/go-function-samples/func/go.mod +++ b/images/samples/go-function-samples/func/go.mod @@ -1,6 +1,6 @@ module github.com/apache/pulsar/pulsar-function-go/examples -go 1.24.6 +go 1.24.10 require github.com/apache/pulsar/pulsar-function-go v0.0.0-20250430085326-611dc3f360b5 diff --git a/redhat.Dockerfile b/redhat.Dockerfile index 397fe0b1..14c0ff1c 100644 --- a/redhat.Dockerfile +++ b/redhat.Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.24.6-bullseye as builder +FROM golang:1.24.10-trixie as builder WORKDIR /workspace/api COPY api/ . @@ -30,12 +30,12 @@ FROM registry.access.redhat.com/ubi8/ubi-micro:latest ARG VERSION LABEL name="function-mesh-operator" \ - vendor="StreamNative, Inc." \ - maintainer="StreamNative, Inc." \ - version="${VERSION}" \ - release="${VERSION}" \ - summary="Function Mesh Operator is a Kubernetes operator that enables users to run Pulsar Functions and Pulsar connectors natively on Kubernetes." \ - description="By providing a serverless framework that enables users to organize a collection of Pulsar Functions and connectors, Function Mesh simplifies the process of creating complex streaming jobs. Function Mesh is a valuable tool for users who are seeking cloud-native serverless streaming solutions" + vendor="StreamNative, Inc." \ + maintainer="StreamNative, Inc." \ + version="${VERSION}" \ + release="${VERSION}" \ + summary="Function Mesh Operator is a Kubernetes operator that enables users to run Pulsar Functions and Pulsar connectors natively on Kubernetes." \ + description="By providing a serverless framework that enables users to organize a collection of Pulsar Functions and connectors, Function Mesh simplifies the process of creating complex streaming jobs. Function Mesh is a valuable tool for users who are seeking cloud-native serverless streaming solutions" WORKDIR / COPY --from=builder /workspace/manager .